Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.
References
Configurations
History
21 Nov 2024, 07:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf - Product | |
References | () https://labs.yarix.com/advisories/cve-2023-29714-dom-based-xss-in-vade-secure-gateway/ - Third Party Advisory | |
References | () https://www.vadesecure.com/en/ - Product |
16 Jun 2023, 17:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:vadesecure:secure_gateway:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.vadesecure.com/en/ - Product | |
References | (MISC) https://labs.yarix.com/advisories/cve-2023-29714-dom-based-xss-in-vade-secure-gateway/ - Third Party Advisory | |
References | (MISC) https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf - Product |
09 Jun 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-09 19:15
Updated : 2024-11-21 07:57
NVD link : CVE-2023-29714
Mitre link : CVE-2023-29714
CVE.ORG link : CVE-2023-29714
JSON object : View
Products Affected
vadesecure
- secure_gateway
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')